Cisco PIX Device Manager features a Startup Wizard that helps accelerate the security module deployment process by providing simple, step-by-step configuration panels that help users, novice or advanced, create robust configurations that allow traffic to flow securely through their networks.

PDM 4.1 FEATURES

Homepage Gives At-A-Glance View Into System Status

Cisco PIX Device Manager Version 4.1 introduces support for additional features that give easy access to the FWSM configuration and monitoring services while providing real-time system status information. The homepage offers live traffic profiling and device monitoring screens that give instant access to vital system information and network statistics (Figure 1).

Figure 1. Cisco PIX Device Manager Version 4.1

ROBUST MANAGEMENT SERVICES LOWER TOTAL COST OF OWNERSHIP

Cisco PIX Device Manager features a powerful set of management services that simplify security policy definition and ongoing policy maintenance by giving security operators the ability to create reusable network and service object groups, which can be referenced by multiple security policies. It also supports the rich access control features offered by Cisco FWSM Software such as Syslog by ACL. These access control features, coupled with easy-to-use ongoing policy management services, help ensure a lower total cost of ownership for businesses of all sizes.

Cisco PIX Device Manager provides an array of robust security services to prevent unauthorized administrative access to FWSM. It supports FWSM 2.3 features such as ACL override: user traffic is permitted if it is permitted by the per-user access-list, regardless of the permit status of the interface access-list.

It supports a wide range of methods for authenticating administrators to a local authentication database on a Cisco FWSM or via a RADIUS/TACACS+ server. All communications between Cisco PIX Device Manager (running on an administrator's computer) and FWSM are encrypted using Secure Sockets Layer (SSL) with either 56-bit or the more secure 128-bit SSL encryption. Cisco PIX Device Manager also supports up to sixteen levels of customizable administrative access, granting administrators and operations personnel the appropriate permission levels for every Cisco FWSM they manage.

Cisco PIX Device Manager provides easy access to managing the rich network integration features found in Cisco FWSM devices. It gives administrators complete control over Open Shortest Path First (OSPF) dynamic routing (Figure 2) and IEEE 802.1q-based VLAN interfaces (Figure 3). For novice users, it provides intelligent defaults and detailed online help to simplify network services configuration. Advanced users can take full advantage of the depth of feature support to integrate the Cisco FWSM module into complex routing and switching environments.

Figure 2. OSPF Configuration

Figure 3. VLAN Configuration

RESOURCE MANAGEMENT

This feature allows you to manage the resources for ACLs. These are referred to as the ACL memory pool or ACL tree instances, which are used when compiling ACLs. The administrator can assign contexts to ACL memory pools. This feature is available in Multi-Mode.

Cisco PIX Device Manager Version 4.1 offers in-depth monitoring and reporting services in addition to the at-a-glance monitoring capabilities on the new homepage. Versatile analysis tools create graphical summary reports that show real-time usage, security events, and network activity. Data from each graphical report can be displayed in customizable increments, where a user can choose a 10-second snapshot or analysis over an extended time line. The ability to simultaneously view multiple graphs allows users to perform detailed evaluations in parallel. Graphs can be conveniently bookmarked and data can be exported for future access.

Figure 5. Advanced Monitoring Options with Customizable Graphs

System graphs: Provide detailed status information on the Cisco FWSM, including blocks used and free, current memory utilization, and CPU utilization.

Interface graphs: Provide real-time monitoring of bandwidth usage for each interface on the Cisco FWSM. Bandwidth usage is displayed for incoming and outgoing communications. Users can view packet rates, counts, and errors, as well as bit, byte, and collision counts.

Table 1 provides a summary of the features and benefits new to Cisco PIX Device Manager Version 4.1.

Table 1. New Features Summary

| Product Features | Description |
| --- | --- |
| HTTPS Authentication Proxy | Provides a secured method of exchanging username and password between an HTTP client and FWSM by using HTTPS. HTTPS encrypts all the data, in this case the username and password, and hence makes the password secure. |
| ACL Per User Override | User traffic is permitted if it is permitted by the per-user access-list, regardless of the permit status of the interface access-list. |
| Resource Manager for ACL Memory Pool | ACL optimization for efficiency purposes. Gives the administrator the ability to decide how many ACL memory pools to create instead of it being hard coded to 12. |
| PDM Sessions Resource Limit | • It is a new limit entry that can be configured as part of a resource class for managing contexts. This new feature will enable users to set the number of PDM sessions for each context. • Increase HTTP connection limit to support 32 simultaneous PDMs. • Enable resource management for PDM sessions. |
| Same Security Intra Interface | Permits communication between two hosts connected to the same interface. |
| Syslog Enhancements | Allows you to optionally deny any connections when the syslog queue is full and specify the amount of memory that can be allocated for the syslog messages per context. |
| TFTP Fixup | Inspects the TFTP protocol and dynamically creates connection and xlate if necessary to permit file transfer between a TFTP client and server. |

LICENSING

• Cisco PIX Device Manager Version 4.1 is included with Cisco FWSM Software Version 2.2 and higher.

• Cisco PIX Device Manager Version 2.1 is included with Cisco FWSM Software Version 1.1 and higher.